TNC: Add more debug infor to EAP-TNC server state changes

This commit is contained in:
Jouni Malinen 2010-04-18 12:24:02 +03:00
parent 11804a4ebc
commit e4cbe058d6

View file

@ -21,8 +21,10 @@
struct eap_tnc_data { struct eap_tnc_data {
enum { START, CONTINUE, RECOMMENDATION, FRAG_ACK, WAIT_FRAG_ACK, DONE, enum eap_tnc_state {
FAIL } state; START, CONTINUE, RECOMMENDATION, FRAG_ACK, WAIT_FRAG_ACK, DONE,
FAIL
} state;
enum { ALLOW, ISOLATE, NO_ACCESS, NO_RECOMMENDATION } recommendation; enum { ALLOW, ISOLATE, NO_ACCESS, NO_RECOMMENDATION } recommendation;
struct tncs_data *tncs; struct tncs_data *tncs;
struct wpabuf *in_buf; struct wpabuf *in_buf;
@ -43,6 +45,38 @@ struct eap_tnc_data {
#define EAP_TNC_VERSION 1 #define EAP_TNC_VERSION 1
static const char * eap_tnc_state_txt(enum eap_tnc_state state)
{
switch (state) {
case START:
return "START";
case CONTINUE:
return "CONTINUE";
case RECOMMENDATION:
return "RECOMMENDATION";
case FRAG_ACK:
return "FRAG_ACK";
case WAIT_FRAG_ACK:
return "WAIT_FRAG_ACK";
case DONE:
return "DONE";
case FAIL:
return "FAIL";
}
return "??";
}
static void eap_tnc_set_state(struct eap_tnc_data *data,
enum eap_tnc_state new_state)
{
wpa_printf(MSG_DEBUG, "EAP-TNC: %s -> %s",
eap_tnc_state_txt(data->state),
eap_tnc_state_txt(new_state));
data->state = new_state;
}
static void * eap_tnc_init(struct eap_sm *sm) static void * eap_tnc_init(struct eap_sm *sm)
{ {
struct eap_tnc_data *data; struct eap_tnc_data *data;
@ -50,7 +84,7 @@ static void * eap_tnc_init(struct eap_sm *sm)
data = os_zalloc(sizeof(*data)); data = os_zalloc(sizeof(*data));
if (data == NULL) if (data == NULL)
return NULL; return NULL;
data->state = START; eap_tnc_set_state(data, START);
data->tncs = tncs_init(); data->tncs = tncs_init();
if (data->tncs == NULL) { if (data->tncs == NULL) {
os_free(data); os_free(data);
@ -83,13 +117,13 @@ static struct wpabuf * eap_tnc_build_start(struct eap_sm *sm,
if (req == NULL) { if (req == NULL) {
wpa_printf(MSG_ERROR, "EAP-TNC: Failed to allocate memory for " wpa_printf(MSG_ERROR, "EAP-TNC: Failed to allocate memory for "
"request"); "request");
data->state = FAIL; eap_tnc_set_state(data, FAIL);
return NULL; return NULL;
} }
wpabuf_put_u8(req, EAP_TNC_FLAGS_START | EAP_TNC_VERSION); wpabuf_put_u8(req, EAP_TNC_FLAGS_START | EAP_TNC_VERSION);
data->state = CONTINUE; eap_tnc_set_state(data, CONTINUE);
return req; return req;
} }
@ -148,17 +182,17 @@ static struct wpabuf * eap_tnc_build_recommendation(struct eap_sm *sm,
{ {
switch (data->recommendation) { switch (data->recommendation) {
case ALLOW: case ALLOW:
data->state = DONE; eap_tnc_set_state(data, DONE);
break; break;
case ISOLATE: case ISOLATE:
data->state = FAIL; eap_tnc_set_state(data, FAIL);
/* TODO: support assignment to a different VLAN */ /* TODO: support assignment to a different VLAN */
break; break;
case NO_ACCESS: case NO_ACCESS:
data->state = FAIL; eap_tnc_set_state(data, FAIL);
break; break;
case NO_RECOMMENDATION: case NO_RECOMMENDATION:
data->state = DONE; eap_tnc_set_state(data, DONE);
break; break;
default: default:
wpa_printf(MSG_DEBUG, "EAP-TNC: Unknown recommendation"); wpa_printf(MSG_DEBUG, "EAP-TNC: Unknown recommendation");
@ -230,9 +264,9 @@ static struct wpabuf * eap_tnc_build_msg(struct eap_tnc_data *data, u8 id)
data->out_buf = NULL; data->out_buf = NULL;
data->out_used = 0; data->out_used = 0;
if (data->was_fail) if (data->was_fail)
data->state = FAIL; eap_tnc_set_state(data, FAIL);
else if (data->was_done) else if (data->was_done)
data->state = DONE; eap_tnc_set_state(data, DONE);
} else { } else {
wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes " wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes "
"(%lu more to send)", (unsigned long) send_len, "(%lu more to send)", (unsigned long) send_len,
@ -242,7 +276,7 @@ static struct wpabuf * eap_tnc_build_msg(struct eap_tnc_data *data, u8 id)
data->was_fail = 1; data->was_fail = 1;
else if (data->state == DONE) else if (data->state == DONE)
data->was_done = 1; data->was_done = 1;
data->state = WAIT_FRAG_ACK; eap_tnc_set_state(data, WAIT_FRAG_ACK);
} }
return req; return req;
@ -338,27 +372,27 @@ static void tncs_process(struct eap_tnc_data *data, struct wpabuf *inbuf)
switch (res) { switch (res) {
case TNCCS_RECOMMENDATION_ALLOW: case TNCCS_RECOMMENDATION_ALLOW:
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS allowed access"); wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS allowed access");
data->state = RECOMMENDATION; eap_tnc_set_state(data, RECOMMENDATION);
data->recommendation = ALLOW; data->recommendation = ALLOW;
break; break;
case TNCCS_RECOMMENDATION_NO_RECOMMENDATION: case TNCCS_RECOMMENDATION_NO_RECOMMENDATION:
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS has no recommendation"); wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS has no recommendation");
data->state = RECOMMENDATION; eap_tnc_set_state(data, RECOMMENDATION);
data->recommendation = NO_RECOMMENDATION; data->recommendation = NO_RECOMMENDATION;
break; break;
case TNCCS_RECOMMENDATION_ISOLATE: case TNCCS_RECOMMENDATION_ISOLATE:
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS requested isolation"); wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS requested isolation");
data->state = RECOMMENDATION; eap_tnc_set_state(data, RECOMMENDATION);
data->recommendation = ISOLATE; data->recommendation = ISOLATE;
break; break;
case TNCCS_RECOMMENDATION_NO_ACCESS: case TNCCS_RECOMMENDATION_NO_ACCESS:
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS rejected access"); wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS rejected access");
data->state = RECOMMENDATION; eap_tnc_set_state(data, RECOMMENDATION);
data->recommendation = NO_ACCESS; data->recommendation = NO_ACCESS;
break; break;
case TNCCS_PROCESS_ERROR: case TNCCS_PROCESS_ERROR:
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS processing error"); wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS processing error");
data->state = FAIL; eap_tnc_set_state(data, FAIL);
break; break;
default: default:
break; break;
@ -372,7 +406,7 @@ static int eap_tnc_process_cont(struct eap_tnc_data *data,
/* Process continuation of a pending message */ /* Process continuation of a pending message */
if (len > wpabuf_tailroom(data->in_buf)) { if (len > wpabuf_tailroom(data->in_buf)) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment overflow"); wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment overflow");
data->state = FAIL; eap_tnc_set_state(data, FAIL);
return -1; return -1;
} }
@ -446,7 +480,7 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) { if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) {
if (end - pos < 4) { if (end - pos < 4) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Message underflow"); wpa_printf(MSG_DEBUG, "EAP-TNC: Message underflow");
data->state = FAIL; eap_tnc_set_state(data, FAIL);
return; return;
} }
message_length = WPA_GET_BE32(pos); message_length = WPA_GET_BE32(pos);
@ -456,7 +490,7 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
wpa_printf(MSG_DEBUG, "EAP-TNC: Invalid Message " wpa_printf(MSG_DEBUG, "EAP-TNC: Invalid Message "
"Length (%d; %ld remaining in this msg)", "Length (%d; %ld remaining in this msg)",
message_length, (long) (end - pos)); message_length, (long) (end - pos));
data->state = FAIL; eap_tnc_set_state(data, FAIL);
return; return;
} }
} }
@ -467,29 +501,29 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
if (len > 1) { if (len > 1) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Unexpected payload " wpa_printf(MSG_DEBUG, "EAP-TNC: Unexpected payload "
"in WAIT_FRAG_ACK state"); "in WAIT_FRAG_ACK state");
data->state = FAIL; eap_tnc_set_state(data, FAIL);
return; return;
} }
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment acknowledged"); wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment acknowledged");
data->state = CONTINUE; eap_tnc_set_state(data, CONTINUE);
return; return;
} }
if (data->in_buf && eap_tnc_process_cont(data, pos, end - pos) < 0) { if (data->in_buf && eap_tnc_process_cont(data, pos, end - pos) < 0) {
data->state = FAIL; eap_tnc_set_state(data, FAIL);
return; return;
} }
if (flags & EAP_TNC_FLAGS_MORE_FRAGMENTS) { if (flags & EAP_TNC_FLAGS_MORE_FRAGMENTS) {
if (eap_tnc_process_fragment(data, flags, message_length, if (eap_tnc_process_fragment(data, flags, message_length,
pos, end - pos) < 0) pos, end - pos) < 0)
data->state = FAIL; eap_tnc_set_state(data, FAIL);
else else
data->state = FRAG_ACK; eap_tnc_set_state(data, FRAG_ACK);
return; return;
} else if (data->state == FRAG_ACK) { } else if (data->state == FRAG_ACK) {
wpa_printf(MSG_DEBUG, "EAP-TNC: All fragments received"); wpa_printf(MSG_DEBUG, "EAP-TNC: All fragments received");
data->state = CONTINUE; eap_tnc_set_state(data, CONTINUE);
} }
if (data->in_buf == NULL) { if (data->in_buf == NULL) {